我正在尝试实现一项政策来阻止资源的编辑功能。
我的路线:
Route::resource('imagerequests', 'ImageRequestController');
我的 ImageRequestPolicy
class ImageRequestPolicy
{
use HandlesAuthorization;
const STATUS_EXECUTING = "executing";
public function edit(ImageRequest $imageRequest)
{
return $imageRequest->status !== self::STATUS_EXECUTING;
}
}
但我仍然可以访问“imagerequests/{id}/edit”路径
编辑
/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
ImageRequest::class => ImageRequestPolicy::class,
];
/**
* Register any authentication / authorization services.
*
* @return void
*/
public function boot()
{
$this->registerPolicies();
//
}
图像请求模型
class ImageRequest extends Model
编辑 ImageRequestController 方法
public function edit($id, ImageRequest $imageRequest)
{
$this->authorize('edit', $imageRequest);
$imageRequest = ImageRequest::findOrFail($id);
$requestTypes = RequestType::all();
$attachments = $this->imageRequestRepository->getAttachmentsListOfImageRequestById($id);
return view('imagerequest.edit', compact('imageRequest', 'requestTypes', 'attachments'));
}
最佳答案
你的编辑方法是错误的,它的第一个参数必须是用户:
public function edit(User $user, ImageRequest $imageRequest)
{
return $imageRequest->status !== self::STATUS_EXECUTING;
}
添加到你的ImageRequestController,编辑方法:
public function edit(ImageRequest $imageRequest) {
$this->authorize('edit',$imageRequest);
...
}
$user 参数由 laravel 自动添加。
还需要在AuthServiceProvider中注册策略。
protected $policies = [
ImageRequest::class => ImageRequestPolicy::class,
];
并且 ImageRequest 必须扩展 Model 类。是模型还是 illuminate\http\request ?
你的 Controller 有问题。你说你的路线是:
/imagerequests/26/编辑
在您的 Controller 中,您正在注入(inject)一个新的空白 ImageRequest,也许这就是它通过授权测试的原因。试试这个:
public function edit($id, ImageRequest $imageRequest)
{
$imageRequest = ImageRequest::findOrFail($id);
$this->authorize('edit', $imageRequest);
$requestTypes = RequestType::all();
$attachments = $this->imageRequestRepository->getAttachmentsListOfImageRequestById($id);
return view('imagerequest.edit', compact('imageRequest', 'requestTypes', 'attachments'));
}
关于php - Laravel 5.6 使用策略授权操作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53654755/